RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

Eliezer Croitoru eliezer at ngtech.co.il
Mon Sep 23 06:40:05 UTC 2013


On 09/20/2013 05:12 PM, Vernon Schryver wrote:
> The potential RRL problem is when you provide high volume DNSBL service
> over the open Internet to DNS clients that are not authenticated.
> However, that is unlikely to be a worry, because providing DNSBL
> services over the open Internet is a dubious idea for unrelated reasons.
> Major DNSBL providers have years since limited anonymous clients for
> business or other reasons.  For example, I think Spamhaus limits
> anonymous clients to fewer than 3 queries/second.
And I doubt they use RRL at the application level.
I assume they limit that at either the IPTABLES or FW level.

What is the way to provide DNSBL using BIND?
I was looking for something like that, but I am sure a dynamic DB is
needed for the task, right?

Eliezer

